CVE-2026-4743 - Vulnerability Details - OpenCVE

NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This vulnerability is associated with program files cJSON.Cpp‎. This issue affects ncmdump: before 1.4.0.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Taurusxin	Ncmdump

No data.

No data.

References

Link	Providers
https://github.com/taurusxin/ncmdump/pull/52

History

Tue, 24 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Taurusxin Taurusxin ncmdump
Vendors & Products		Taurusxin Taurusxin ncmdump

Tue, 24 Mar 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules). This vulnerability is associated with program files cJSON.Cpp‎. This issue affects ncmdump: before 1.4.0.
Title		Null-Pointer Dereference Vulnerability in taurusxin/ncmdump
Weaknesses		CWE-476
References		https://github.com/taurusxin/ncmdump/pull/52
Metrics		cvssV4_0 `{'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published: 2026-03-24T03:25:07.207Z

Updated: 2026-03-24T14:33:16.182Z

Reserved: 2026-03-24T03:24:40.510Z

Link: CVE-2026-4743

Vulnrichment

Updated: 2026-03-24T14:33:12.513Z

NVD

Status : Awaiting Analysis

Published: 2026-03-24T04:17:31.497

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4743

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4743", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T03:24:40.510Z", "datePublished": "2026-03-24T03:25:07.207Z", "dateUpdated": "2026-03-24T14:33:16.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:25:07.207Z"}, "title": "Null-Pointer Dereference Vulnerability in taurusxin/ncmdump", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "taurusxin", "product": "ncmdump", "collectionURL": "https://github.com/taurusxin/ncmdump", "modules": ["\u200esrc/utils\u200e"], "programFiles": ["cJSON.cpp\u200e"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.0", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules). This vulnerability is associated with program files cJSON.Cpp\u200e.\n\nThis issue affects ncmdump: before 1.4.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules).<p> This vulnerability is associated with program files cJSON.Cpp\u200e.</p><p>This issue affects ncmdump: before 1.4.0.</p>"}]}], "references": [{"url": "https://github.com/taurusxin/ncmdump/pull/52", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "Safety": "NEGLIGIBLE", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "GREEN", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.2, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:33:09.110911Z", "id": "CVE-2026-4743", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:33:16.182Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4743", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:33:09.110911Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:33:12.513Z"}}], "cna": {"title": "Null-Pointer Dereference Vulnerability in taurusxin/ncmdump", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 5.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "GREEN", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "taurusxin", "modules": ["\u200esrc/utils\u200e"], "product": "ncmdump", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.0", "versionType": "git"}], "programFiles": ["cJSON.cpp\u200e"], "collectionURL": "https://github.com/taurusxin/ncmdump", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/taurusxin/ncmdump/pull/52", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules). This vulnerability is associated with program files cJSON.Cpp\u200e.\n\nThis issue affects ncmdump: before 1.4.0.", "supportingMedia": [{"type": "text/html", "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules).<p> This vulnerability is associated with program files cJSON.Cpp\u200e.</p><p>This issue affects ncmdump: before 1.4.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T03:25:07.207Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4743", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:33:16.182Z", "dateReserved": "2026-03-24T03:24:40.510Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T03:25:07.207Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in taurusxin ncmdump (\u200esrc/utils\u200e modules). This vulnerability is associated with program files cJSON.Cpp\u200e.\n\nThis issue affects ncmdump: before 1.4.0."}, {"lang": "es", "value": "Vulnerabilidad de desreferencia de puntero NULL en taurusxin ncmdump (m\u00f3dulos ?src/utils?). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa cJSON.Cpp?.\n\nEste problema afecta a ncmdump: antes de la 1.4.0."}], "id": "CVE-2026-4743", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:31.497", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/taurusxin/ncmdump/pull/52"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}